Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress 2.2 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-0191
WordPress 2.2.x and 2.3.x allows remote malicious users to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3
6.5
CVSSv2
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Wordpress Wordpress 2.2
1 EDB exploit
6
CVSSv2
CVE-2007-3238
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. ...
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2007-3239
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme prior to 20070607 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution...
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2007-3240
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote malicious users to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administ...
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2007-3241
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote malicious users to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
Wordpress Wordpress 2.2
4.3
CVSSv2
CVE-2008-0193
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and previous versions, and possibly 2.1.x up to and including 2.3.x, allows remote malicious users to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-a...
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 2.3
Wordpress Wordpress 2.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.2 Revision5002
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress
1 EDB exploit
4.3
CVSSv2
CVE-2007-4014
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter, pos...
Wordpress Blix 0.9.1
Wordpress Blixed 1.0
Wordpress Blixkrieg 2.2
6.8
CVSSv2
CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a...
Wordpress Wordpress 2.0.10
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.2 Revision5002
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.0.3
Wordpress Wordpress 2.0.4
Wordpress Wordpress 2.1.3 Rc1
Wordpress Wordpress 2.1.3 Rc2
Wordpress Wordpress 2.2
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2007-4893
wp-admin/admin-functions.php in Wordpress prior to 2.2.3 and Wordpress multi-user (MU) prior to 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2...
Wordpress Wordpress 1.2.1
Wordpress Wordpress 1.2.2
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1.2
Wordpress Wordpress 2.1.3
Wordpress Wordpress 2.2 Revision5003
Wordpress Wordpress 0.6.2.1
Wordpress Wordpress 0.7
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 2.0
Wordpress Wordpress 2.0.5
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 0.6.2
Wordpress Wordpress 0.71
Wordpress Wordpress 1.2
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.0.10 Rc1
Wordpress Wordpress 2.0.7
Wordpress Wordpress 2.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »